Allowing Pipelines Actions in GitHub Actions

Gruntwork Pipelines uses a set of Gruntwork-built reusable GitHub Actions, which are available in the GitHub Marketplace. Gruntwork is a Verified Creator of GitHub Actions.

GitHub Enterprise

Gruntwork recommends explicitly allowing Actions required by Gruntwork Pipelines to run in your GitHub organization. See "Allowing select actions and reusable workflows to run" to learn more.

You will need to allow the following GitHub Actions for Gruntwork Pipelines to run successfully:

Gruntwork recommends using a tagged version of the gruntwork-io actions and a wildcard for the non-Gruntwork actions, as the non-Gruntwork actions are wrapped in the Gruntwork actions. This will require less administrative work to keep policies up to date with versions being used by Gruntwork actions. An example policy can be found below.

gruntwork-io/pipelines-dispatch@<newest release>,
gruntwork-io/pipelines-orchestrate@<newest release>,
gruntwork-io/pipelines-execute@<newest release>,
gruntwork-io/terragrunt-action@<newest release>,
aws-actions/configure-aws-credentials@*,
Codex-/return-dispatch@*,
Codex-/await-remote-run@*,
dsaltares/fetch-gh-release-asset@*,
peter-evans/create-pull-request@*

Navigate to each Gruntwork repository to retrieve the latest tagged release for each action.
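
Before enforcing an allow-list like the one above, it helps to check which `uses:` references in your workflows the policy would block. The following Python check is an added example, not Gruntwork's or GitHub's code. It assumes `*` is the only wildcard and matches any run of characters; the tag `v0.0.0-example` and the workflow are constructed placeholders.

```python
import re

# Policy entries in the page's format. The tag v0.0.0-example is a constructed
# placeholder for "<newest release>", not a real Gruntwork release.
POLICY = """
gruntwork-io/pipelines-dispatch@v0.0.0-example,
gruntwork-io/pipelines-orchestrate@v0.0.0-example,
gruntwork-io/pipelines-execute@v0.0.0-example,
gruntwork-io/terragrunt-action@v0.0.0-example,
aws-actions/configure-aws-credentials@*,
Codex-/return-dispatch@*,
Codex-/await-remote-run@*,
dsaltares/fetch-gh-release-asset@*,
peter-evans/create-pull-request@*
"""

# Constructed workflow, not taken from any Gruntwork repository.
WORKFLOW = """
jobs:
  plan:
    steps:
      - uses: ./.github/actions/local-setup
      - uses: gruntwork-io/pipelines-dispatch@v0.0.0-example
      - uses: gruntwork-io/pipelines-execute@main   # tag not in policy
      - uses: aws-actions/configure-aws-credentials@v4
      - uses: "some-org/unlisted-action@v1"
"""

def parse_policy(text):
    """Split the comma/newline separated policy into compiled patterns."""
    entries = [e.strip() for e in re.split(r"[,\n]", text) if e.strip()]
    # Assumption: '*' is the only wildcard and matches any run of characters.
    return [re.compile(re.escape(e).replace(r"\*", ".*")) for e in entries]

def uses_refs(workflow):
    """Yield every `uses:` reference, skipping local (./) actions."""
    for m in re.finditer(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)", workflow, re.M):
        if not m.group(1).startswith("./"):
            yield m.group(1)

def blocked(workflow, policy_text):
    """Return references that no policy entry would allow."""
    patterns = parse_policy(policy_text)
    return [r for r in uses_refs(workflow) if not any(p.fullmatch(r) for p in patterns)]

if __name__ == "__main__":
    for ref in blocked(WORKFLOW, POLICY):
        print("not allowed by policy:", ref)
```

The check models only the pattern list; the separate organization settings that allow GitHub-created actions or actions from verified creators are not considered.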

GitHub Team and Pro

Currently, GitHub Actions does not support selecting specific repos outside of your own GitHub organization for the Team and Pro tiers. To use Gruntwork Pipelines, you must select the "Allow all actions and reusable workflows" option in the Actions general settings at the Organization level.